The number of cases of malware targeting Macs is continuing to surge, growing by 53% over just the first quarter of 2017, according to an analysis from security firm McAfee. And throughout 2016, it grew by a massive 744%.

The reason for this huge and continued growth is adware bundling, McAfee says.

In other words, people are installing apps that come bundled with dodgy software ("adware") that sticks ads on their computer. It's invasive, but it's not necessarily as catastrophic as other types of malware — like ransomware, which encrypts your data and forces you to pay a ransom to get it back (though multiple kinds can come bundled together, of course).

The growth in Mac malware, while alarming, is still nothing compared to the amount of malware for Windows that McAfee identified.

The company quickly acknowledged the problem, releasing a support document guiding users through how to fix the problem caused by the critical bug patch. Unfortunately, to perform the necessary repair, users have to use an advanced feature of the operating system called the Terminal and perform command line actions:

Open the Terminal app, which is in the Utilities folder of your Applications folder. Type sudo /usr/libexec/configureLocalKDC and press Return. Enter your administrator password and press Return. Quit the Terminal app.

Despite the straightforward explanation and commands provided by Apple, many Mac users will not have experience of running commands within Terminal, a program designed to give advanced users direct, text-based access to underlying systems within macOS.

Early this morning, security researcher Arnaud Abbati of SentinelOne tweeted about new Mac malware being distributed via MacUpdate. This malware, which Abbati has named OSX.CreativeUpdate, is a new cryptocurrency miner, designed to sit in the background and use your computer’s CPU to mine the Monero currency. ......

Finally, be aware that the old adage that “Macs don’t get viruses,” which has never been true, is proven to be increasingly false. This is the third piece of Mac malware so far this year, following OSX.MaMi and OSX.CrossRAT. That doesn’t even consider the wide variety of adware and junk software out there. Do not let yourself believe that Macs don’t get infected, as that will make you more vulnerable.

Apple customers have been warned that they may have been exposed to hackers “hiding in plain sight” on their Mac devices after a 15-year-old vulnerability was discovered by a cyber security researcher.

The exploit could allow a hacker to install malicious software on devices like MacBooks to access personal, financial and sensitive insider information by fooling security products into thinking it is safe.

This would enable hackers to circumvent antivirus protection by pretending to be Apple, using a technique called “code signing” and sit on the device for years without the owner knowing.

The trick is quite subtle and relies on a number of preconditions – so exploitation would be difficult in practice. Okta has no evidence of the flaw ever being abused, which isn't to say it's a non-issue, only that it's not exactly a gaping hole.

Okta, the people who discovered it, seem to see things a little differently:

Quote

By exploiting this vulnerability, threat actors can trick even the most security-savvy people and bypass a core security function that most end users don’t know or think about as they go about their digital activities. And, with the proliferation of apps for the workplace and personal use in everybody’s daily lives, bad actors can easily abuse this vulnerability.

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China.

What's more concerning? Even after Apple was warned a month ago, the company did not take any action against the app.

The app in question is "Adware Doctor," the Mac App Store No. 1 paid utility and also ranked as the fourth most popular paid app on the store, which sells for $4.99 and markets itself to be the "best app" to prevent "malware and malicious files from infecting your Mac."

Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.

The apps were removed just two days after Apple kicked out another popular "Adware Doctor" application for collecting and sending browser history data from users' Safari, Chrome, and Firefox to a server in China.

The suspicious behavior of Trend Micro apps was initially reported by a user on the Malwarebytes forum in December 2017.